The way we handle privacy and security is a vital part of our responsibility to our customers. Protecting their personal information and respecting their privacy is fundamental to maintaining trust. Everyone at Shinydocs Corporation understands how important protecting and respecting our customers’ information is to our business. We foster a strong internal culture that is committed to privacy and security.
Senior management is committed to ensuring the organization is compliant with privacy legislation. Jason Cassidy, CEO of Shinydocs and Privacy Officer, is responsible for data privacy, accountable management, and management reporting procedures.
Personal Data Inventory
Shinydocs adheres to the principles set out in the Personal Information Protection and Electronic Documents Act (PIPEDA) regarding the collection, use or disclosure of personal information as set out by the Office of the Privacy Commissioner of Canada.
An assessment through the Office of the Privacy Commissioner of Canada has been completed (attached) to determine and document what personal information is required and held, the reasons for the collection of said information and the sensitivity of the information it holds.
Shinydrive does not collect sensitive or potentially sensitive information for use. As a result, consent practices (express, implied and opt-out) are inapplicable. There are currently no employees who see or process information, there is no personal information in paper format, and no personal information in electronic format. We will monitor collection practices on an ongoing basis with bi-annual risk assessments and adjust accordingly to create operational policies and procedures consistent with data privacy requirements and operational risk management objectives.
Training and Awareness
Information Security Risk
Shinydocs Corporation has conducted a risk assessment on the security of the application’s physical configuration and environment, software, information handling processes, and user practices. This is part of our continued effort to manage and secure our information assets. This is an ongoing process and subject to frequent change as the technology matures and processes continually evolve.
Shinydocs Corporation worked with independent researchers at the University of Waterloo to complete this security audit to ensure diligence in the preservation of confidentiality, integrity and availability of information. The technical investigation utilized a mathematical security model* (see Composing Kerberos and Multimedia Internet KEYing (MIKEY) for Authenticated transport of Group Keys) of the Shinydocs application for data at rest, in transit, and in cache. This was to ensure our implementation of AES encryption on clients and server, and use of SSL/TLS for communication, had not weakened any of the static strengths of the technologies.
Along with the assessment came several recommendations to harden security, and Shinydocs Corporation is working to implement these.
Scope and Methodology
We conducted this audit in accordance with generally accepted auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. Audit procedures consisted of initial meetings with researchers at the University of Waterloo to define the scope and objectives of the security audit. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.